search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[TG3]: Add tagged status support.
[linux-2.6/verdex.git] / net / bridge / netfilter / ebtables.c
blob18ebc664769b1b2442f348060e60147d52176370
1 /*
2 * ebtables
3 *
4 * Author:
5 * Bart De Schuymer <bdschuym@pandora.be>
6 *
7 * ebtables.c,v 2.0, July, 2002
8 *
9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /* used for print_string */
19 #include <linux/sched.h>
20 #include <linux/tty.h>
21
22 #include <linux/kmod.h>
23 #include <linux/module.h>
24 #include <linux/vmalloc.h>
25 #include <linux/netfilter_bridge/ebtables.h>
26 #include <linux/spinlock.h>
27 #include <asm/uaccess.h>
28 #include <linux/smp.h>
29 #include <net/sock.h>
30 /* needed for logical [in,out]-dev filtering */
31 #include "../br_private.h"
32
33 /* list_named_find */
34 #define ASSERT_READ_LOCK(x)
35 #define ASSERT_WRITE_LOCK(x)
36 #include <linux/netfilter_ipv4/listhelp.h>
37
38 #if 0
39 /* use this for remote debugging
40 * Copyright (C) 1998 by Ori Pomerantz
41 * Print the string to the appropriate tty, the one
42 * the current task uses
43 */
44 static void print_string(char *str)
45 {
46 struct tty_struct *my_tty;
47
48 /* The tty for the current task */
49 my_tty = current->signal->tty;
50 if (my_tty != NULL) {
51 my_tty->driver->write(my_tty, 0, str, strlen(str));
52 my_tty->driver->write(my_tty, 0, "\015\012", 2);
53 }
54 }
55
56 #define BUGPRINT(args) print_string(args);
57 #else
58 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
59 "report to author: "format, ## args)
60 /* #define BUGPRINT(format, args...) */
61 #endif
62 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
63 ": out of memory: "format, ## args)
64 /* #define MEMPRINT(format, args...) */
65
66
67
68 /*
69 * Each cpu has its own set of counters, so there is no need for write_lock in
70 * the softirq
71 * For reading or updating the counters, the user context needs to
72 * get a write_lock
73 */
74
75 /* The size of each set of counters is altered to get cache alignment */
76 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
77 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
78 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
79 COUNTER_OFFSET(n) * cpu))
80
81
82
83 static DECLARE_MUTEX(ebt_mutex);
84 static LIST_HEAD(ebt_tables);
85 static LIST_HEAD(ebt_targets);
86 static LIST_HEAD(ebt_matches);
87 static LIST_HEAD(ebt_watchers);
88
89 static struct ebt_target ebt_standard_target =
90 { {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
91
92 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
93 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
94 const struct net_device *out)
95 {
96 w->u.watcher->watcher(skb, hooknr, in, out, w->data,
97 w->watcher_size);
98 /* watchers don't give a verdict */
99 return 0;
100 }
101
102 static inline int ebt_do_match (struct ebt_entry_match *m,
103 const struct sk_buff *skb, const struct net_device *in,
104 const struct net_device *out)
105 {
106 return m->u.match->match(skb, in, out, m->data,
107 m->match_size);
108 }
109
110 static inline int ebt_dev_check(char *entry, const struct net_device *device)
111 {
112 int i = 0;
113 char *devname = device->name;
114
115 if (*entry == '\0')
116 return 0;
117 if (!device)
118 return 1;
119 /* 1 is the wildcard token */
120 while (entry[i] != '\0' && entry[i] != 1 && entry[i] == devname[i])
121 i++;
122 return (devname[i] != entry[i] && entry[i] != 1);
123 }
124
125 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
126 /* process standard matches */
127 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
128 const struct net_device *in, const struct net_device *out)
129 {
130 int verdict, i;
131
132 if (e->bitmask & EBT_802_3) {
133 if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
134 return 1;
135 } else if (!(e->bitmask & EBT_NOPROTO) &&
136 FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
137 return 1;
138
139 if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
140 return 1;
141 if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
142 return 1;
143 if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
144 e->logical_in, in->br_port->br->dev), EBT_ILOGICALIN))
145 return 1;
146 if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
147 e->logical_out, out->br_port->br->dev), EBT_ILOGICALOUT))
148 return 1;
149
150 if (e->bitmask & EBT_SOURCEMAC) {
151 verdict = 0;
152 for (i = 0; i < 6; i++)
153 verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
154 e->sourcemsk[i];
155 if (FWINV2(verdict != 0, EBT_ISOURCE) )
156 return 1;
157 }
158 if (e->bitmask & EBT_DESTMAC) {
159 verdict = 0;
160 for (i = 0; i < 6; i++)
161 verdict |= (h->h_dest[i] ^ e->destmac[i]) &
162 e->destmsk[i];
163 if (FWINV2(verdict != 0, EBT_IDEST) )
164 return 1;
165 }
166 return 0;
167 }
168
169 /* Do some firewalling */
170 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
171 const struct net_device *in, const struct net_device *out,
172 struct ebt_table *table)
173 {
174 int i, nentries;
175 struct ebt_entry *point;
176 struct ebt_counter *counter_base, *cb_base;
177 struct ebt_entry_target *t;
178 int verdict, sp = 0;
179 struct ebt_chainstack *cs;
180 struct ebt_entries *chaininfo;
181 char *base;
182 struct ebt_table_info *private;
183
184 read_lock_bh(&table->lock);
185 private = table->private;
186 cb_base = COUNTER_BASE(private->counters, private->nentries,
187 smp_processor_id());
188 if (private->chainstack)
189 cs = private->chainstack[smp_processor_id()];
190 else
191 cs = NULL;
192 chaininfo = private->hook_entry[hook];
193 nentries = private->hook_entry[hook]->nentries;
194 point = (struct ebt_entry *)(private->hook_entry[hook]->data);
195 counter_base = cb_base + private->hook_entry[hook]->counter_offset;
196 /* base for chain jumps */
197 base = private->entries;
198 i = 0;
199 while (i < nentries) {
200 if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
201 goto letscontinue;
202
203 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
204 goto letscontinue;
205
206 /* increase counter */
207 (*(counter_base + i)).pcnt++;
208 (*(counter_base + i)).bcnt+=(**pskb).len;
209
210 /* these should only watch: not modify, nor tell us
211 what to do with the packet */
212 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
213 out);
214
215 t = (struct ebt_entry_target *)
216 (((char *)point) + point->target_offset);
217 /* standard target */
218 if (!t->u.target->target)
219 verdict = ((struct ebt_standard_target *)t)->verdict;
220 else
221 verdict = t->u.target->target(pskb, hook,
222 in, out, t->data, t->target_size);
223 if (verdict == EBT_ACCEPT) {
224 read_unlock_bh(&table->lock);
225 return NF_ACCEPT;
226 }
227 if (verdict == EBT_DROP) {
228 read_unlock_bh(&table->lock);
229 return NF_DROP;
230 }
231 if (verdict == EBT_RETURN) {
232 letsreturn:
233 #ifdef CONFIG_NETFILTER_DEBUG
234 if (sp == 0) {
235 BUGPRINT("RETURN on base chain");
236 /* act like this is EBT_CONTINUE */
237 goto letscontinue;
238 }
239 #endif
240 sp--;
241 /* put all the local variables right */
242 i = cs[sp].n;
243 chaininfo = cs[sp].chaininfo;
244 nentries = chaininfo->nentries;
245 point = cs[sp].e;
246 counter_base = cb_base +
247 chaininfo->counter_offset;
248 continue;
249 }
250 if (verdict == EBT_CONTINUE)
251 goto letscontinue;
252 #ifdef CONFIG_NETFILTER_DEBUG
253 if (verdict < 0) {
254 BUGPRINT("bogus standard verdict\n");
255 read_unlock_bh(&table->lock);
256 return NF_DROP;
257 }
258 #endif
259 /* jump to a udc */
260 cs[sp].n = i + 1;
261 cs[sp].chaininfo = chaininfo;
262 cs[sp].e = (struct ebt_entry *)
263 (((char *)point) + point->next_offset);
264 i = 0;
265 chaininfo = (struct ebt_entries *) (base + verdict);
266 #ifdef CONFIG_NETFILTER_DEBUG
267 if (chaininfo->distinguisher) {
268 BUGPRINT("jump to non-chain\n");
269 read_unlock_bh(&table->lock);
270 return NF_DROP;
271 }
272 #endif
273 nentries = chaininfo->nentries;
274 point = (struct ebt_entry *)chaininfo->data;
275 counter_base = cb_base + chaininfo->counter_offset;
276 sp++;
277 continue;
278 letscontinue:
279 point = (struct ebt_entry *)
280 (((char *)point) + point->next_offset);
281 i++;
282 }
283
284 /* I actually like this :) */
285 if (chaininfo->policy == EBT_RETURN)
286 goto letsreturn;
287 if (chaininfo->policy == EBT_ACCEPT) {
288 read_unlock_bh(&table->lock);
289 return NF_ACCEPT;
290 }
291 read_unlock_bh(&table->lock);
292 return NF_DROP;
293 }
294
295 /* If it succeeds, returns element and locks mutex */
296 static inline void *
297 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
298 struct semaphore *mutex)
299 {
300 void *ret;
301
302 *error = down_interruptible(mutex);
303 if (*error != 0)
304 return NULL;
305
306 ret = list_named_find(head, name);
307 if (!ret) {
308 *error = -ENOENT;
309 up(mutex);
310 }
311 return ret;
312 }
313
314 #ifndef CONFIG_KMOD
315 #define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
316 #else
317 static void *
318 find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
319 int *error, struct semaphore *mutex)
320 {
321 void *ret;
322
323 ret = find_inlist_lock_noload(head, name, error, mutex);
324 if (!ret) {
325 request_module("%s%s", prefix, name);
326 ret = find_inlist_lock_noload(head, name, error, mutex);
327 }
328 return ret;
329 }
330 #endif
331
332 static inline struct ebt_table *
333 find_table_lock(const char *name, int *error, struct semaphore *mutex)
334 {
335 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
336 }
337
338 static inline struct ebt_match *
339 find_match_lock(const char *name, int *error, struct semaphore *mutex)
340 {
341 return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex);
342 }
343
344 static inline struct ebt_watcher *
345 find_watcher_lock(const char *name, int *error, struct semaphore *mutex)
346 {
347 return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex);
348 }
349
350 static inline struct ebt_target *
351 find_target_lock(const char *name, int *error, struct semaphore *mutex)
352 {
353 return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex);
354 }
355
356 static inline int
357 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
358 const char *name, unsigned int hookmask, unsigned int *cnt)
359 {
360 struct ebt_match *match;
361 int ret;
362
363 if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
364 ((char *)e) + e->watchers_offset)
365 return -EINVAL;
366 match = find_match_lock(m->u.name, &ret, &ebt_mutex);
367 if (!match)
368 return ret;
369 m->u.match = match;
370 if (!try_module_get(match->me)) {
371 up(&ebt_mutex);
372 return -ENOENT;
373 }
374 up(&ebt_mutex);
375 if (match->check &&
376 match->check(name, hookmask, e, m->data, m->match_size) != 0) {
377 BUGPRINT("match->check failed\n");
378 module_put(match->me);
379 return -EINVAL;
380 }
381 (*cnt)++;
382 return 0;
383 }
384
385 static inline int
386 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
387 const char *name, unsigned int hookmask, unsigned int *cnt)
388 {
389 struct ebt_watcher *watcher;
390 int ret;
391
392 if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
393 ((char *)e) + e->target_offset)
394 return -EINVAL;
395 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
396 if (!watcher)
397 return ret;
398 w->u.watcher = watcher;
399 if (!try_module_get(watcher->me)) {
400 up(&ebt_mutex);
401 return -ENOENT;
402 }
403 up(&ebt_mutex);
404 if (watcher->check &&
405 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
406 BUGPRINT("watcher->check failed\n");
407 module_put(watcher->me);
408 return -EINVAL;
409 }
410 (*cnt)++;
411 return 0;
412 }
413
414 /*
415 * this one is very careful, as it is the first function
416 * to parse the userspace data
417 */
418 static inline int
419 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
420 struct ebt_table_info *newinfo, char *base, char *limit,
421 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
422 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
423 {
424 int i;
425
426 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
427 if ((valid_hooks & (1 << i)) == 0)
428 continue;
429 if ( (char *)hook_entries[i] - base ==
430 (char *)e - newinfo->entries)
431 break;
432 }
433 /* beginning of a new chain
434 if i == NF_BR_NUMHOOKS it must be a user defined chain */
435 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
436 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
437 /* we make userspace set this right,
438 so there is no misunderstanding */
439 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
440 "in distinguisher\n");
441 return -EINVAL;
442 }
443 /* this checks if the previous chain has as many entries
444 as it said it has */
445 if (*n != *cnt) {
446 BUGPRINT("nentries does not equal the nr of entries "
447 "in the chain\n");
448 return -EINVAL;
449 }
450 /* before we look at the struct, be sure it is not too big */
451 if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
452 > limit) {
453 BUGPRINT("entries_size too small\n");
454 return -EINVAL;
455 }
456 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
457 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
458 /* only RETURN from udc */
459 if (i != NF_BR_NUMHOOKS ||
460 ((struct ebt_entries *)e)->policy != EBT_RETURN) {
461 BUGPRINT("bad policy\n");
462 return -EINVAL;
463 }
464 }
465 if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
466 (*udc_cnt)++;
467 else
468 newinfo->hook_entry[i] = (struct ebt_entries *)e;
469 if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
470 BUGPRINT("counter_offset != totalcnt");
471 return -EINVAL;
472 }
473 *n = ((struct ebt_entries *)e)->nentries;
474 *cnt = 0;
475 return 0;
476 }
477 /* a plain old entry, heh */
478 if (sizeof(struct ebt_entry) > e->watchers_offset ||
479 e->watchers_offset > e->target_offset ||
480 e->target_offset >= e->next_offset) {
481 BUGPRINT("entry offsets not in right order\n");
482 return -EINVAL;
483 }
484 /* this is not checked anywhere else */
485 if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
486 BUGPRINT("target size too small\n");
487 return -EINVAL;
488 }
489
490 (*cnt)++;
491 (*totalcnt)++;
492 return 0;
493 }
494
495 struct ebt_cl_stack
496 {
497 struct ebt_chainstack cs;
498 int from;
499 unsigned int hookmask;
500 };
501
502 /*
503 * we need these positions to check that the jumps to a different part of the
504 * entries is a jump to the beginning of a new chain.
505 */
506 static inline int
507 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
508 struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
509 struct ebt_cl_stack *udc)
510 {
511 int i;
512
513 /* we're only interested in chain starts */
514 if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
515 return 0;
516 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
517 if ((valid_hooks & (1 << i)) == 0)
518 continue;
519 if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
520 break;
521 }
522 /* only care about udc */
523 if (i != NF_BR_NUMHOOKS)
524 return 0;
525
526 udc[*n].cs.chaininfo = (struct ebt_entries *)e;
527 /* these initialisations are depended on later in check_chainloops() */
528 udc[*n].cs.n = 0;
529 udc[*n].hookmask = 0;
530
531 (*n)++;
532 return 0;
533 }
534
535 static inline int
536 ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
537 {
538 if (i && (*i)-- == 0)
539 return 1;
540 if (m->u.match->destroy)
541 m->u.match->destroy(m->data, m->match_size);
542 module_put(m->u.match->me);
543
544 return 0;
545 }
546
547 static inline int
548 ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
549 {
550 if (i && (*i)-- == 0)
551 return 1;
552 if (w->u.watcher->destroy)
553 w->u.watcher->destroy(w->data, w->watcher_size);
554 module_put(w->u.watcher->me);
555
556 return 0;
557 }
558
559 static inline int
560 ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
561 {
562 struct ebt_entry_target *t;
563
564 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
565 return 0;
566 /* we're done */
567 if (cnt && (*cnt)-- == 0)
568 return 1;
569 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
570 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
571 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
572 if (t->u.target->destroy)
573 t->u.target->destroy(t->data, t->target_size);
574 module_put(t->u.target->me);
575
576 return 0;
577 }
578
579 static inline int
580 ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
581 const char *name, unsigned int *cnt, unsigned int valid_hooks,
582 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
583 {
584 struct ebt_entry_target *t;
585 struct ebt_target *target;
586 unsigned int i, j, hook = 0, hookmask = 0;
587 int ret;
588
589 /* don't mess with the struct ebt_entries */
590 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
591 return 0;
592
593 if (e->bitmask & ~EBT_F_MASK) {
594 BUGPRINT("Unknown flag for bitmask\n");
595 return -EINVAL;
596 }
597 if (e->invflags & ~EBT_INV_MASK) {
598 BUGPRINT("Unknown flag for inv bitmask\n");
599 return -EINVAL;
600 }
601 if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) {
602 BUGPRINT("NOPROTO & 802_3 not allowed\n");
603 return -EINVAL;
604 }
605 /* what hook do we belong to? */
606 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
607 if ((valid_hooks & (1 << i)) == 0)
608 continue;
609 if ((char *)newinfo->hook_entry[i] < (char *)e)
610 hook = i;
611 else
612 break;
613 }
614 /* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
615 a base chain */
616 if (i < NF_BR_NUMHOOKS)
617 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
618 else {
619 for (i = 0; i < udc_cnt; i++)
620 if ((char *)(cl_s[i].cs.chaininfo) > (char *)e)
621 break;
622 if (i == 0)
623 hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
624 else
625 hookmask = cl_s[i - 1].hookmask;
626 }
627 i = 0;
628 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
629 if (ret != 0)
630 goto cleanup_matches;
631 j = 0;
632 ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
633 if (ret != 0)
634 goto cleanup_watchers;
635 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
636 target = find_target_lock(t->u.name, &ret, &ebt_mutex);
637 if (!target)
638 goto cleanup_watchers;
639 if (!try_module_get(target->me)) {
640 up(&ebt_mutex);
641 ret = -ENOENT;
642 goto cleanup_watchers;
643 }
644 up(&ebt_mutex);
645
646 t->u.target = target;
647 if (t->u.target == &ebt_standard_target) {
648 if (e->target_offset + sizeof(struct ebt_standard_target) >
649 e->next_offset) {
650 BUGPRINT("Standard target size too big\n");
651 ret = -EFAULT;
652 goto cleanup_watchers;
653 }
654 if (((struct ebt_standard_target *)t)->verdict <
655 -NUM_STANDARD_TARGETS) {
656 BUGPRINT("Invalid standard target\n");
657 ret = -EFAULT;
658 goto cleanup_watchers;
659 }
660 } else if ((e->target_offset + t->target_size +
661 sizeof(struct ebt_entry_target) > e->next_offset) ||
662 (t->u.target->check &&
663 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
664 module_put(t->u.target->me);
665 ret = -EFAULT;
666 goto cleanup_watchers;
667 }
668 (*cnt)++;
669 return 0;
670 cleanup_watchers:
671 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
672 cleanup_matches:
673 EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
674 return ret;
675 }
676
677 /*
678 * checks for loops and sets the hook mask for udc
679 * the hook mask for udc tells us from which base chains the udc can be
680 * accessed. This mask is a parameter to the check() functions of the extensions
681 */
682 static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
683 unsigned int udc_cnt, unsigned int hooknr, char *base)
684 {
685 int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
686 struct ebt_entry *e = (struct ebt_entry *)chain->data;
687 struct ebt_entry_target *t;
688
689 while (pos < nentries || chain_nr != -1) {
690 /* end of udc, go back one 'recursion' step */
691 if (pos == nentries) {
692 /* put back values of the time when this chain was called */
693 e = cl_s[chain_nr].cs.e;
694 if (cl_s[chain_nr].from != -1)
695 nentries =
696 cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries;
697 else
698 nentries = chain->nentries;
699 pos = cl_s[chain_nr].cs.n;
700 /* make sure we won't see a loop that isn't one */
701 cl_s[chain_nr].cs.n = 0;
702 chain_nr = cl_s[chain_nr].from;
703 if (pos == nentries)
704 continue;
705 }
706 t = (struct ebt_entry_target *)
707 (((char *)e) + e->target_offset);
708 if (strcmp(t->u.name, EBT_STANDARD_TARGET))
709 goto letscontinue;
710 if (e->target_offset + sizeof(struct ebt_standard_target) >
711 e->next_offset) {
712 BUGPRINT("Standard target size too big\n");
713 return -1;
714 }
715 verdict = ((struct ebt_standard_target *)t)->verdict;
716 if (verdict >= 0) { /* jump to another chain */
717 struct ebt_entries *hlp2 =
718 (struct ebt_entries *)(base + verdict);
719 for (i = 0; i < udc_cnt; i++)
720 if (hlp2 == cl_s[i].cs.chaininfo)
721 break;
722 /* bad destination or loop */
723 if (i == udc_cnt) {
724 BUGPRINT("bad destination\n");
725 return -1;
726 }
727 if (cl_s[i].cs.n) {
728 BUGPRINT("loop\n");
729 return -1;
730 }
731 /* this can't be 0, so the above test is correct */
732 cl_s[i].cs.n = pos + 1;
733 pos = 0;
734 cl_s[i].cs.e = ((void *)e + e->next_offset);
735 e = (struct ebt_entry *)(hlp2->data);
736 nentries = hlp2->nentries;
737 cl_s[i].from = chain_nr;
738 chain_nr = i;
739 /* this udc is accessible from the base chain for hooknr */
740 cl_s[i].hookmask |= (1 << hooknr);
741 continue;
742 }
743 letscontinue:
744 e = (void *)e + e->next_offset;
745 pos++;
746 }
747 return 0;
748 }
749
750 /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
751 static int translate_table(struct ebt_replace *repl,
752 struct ebt_table_info *newinfo)
753 {
754 unsigned int i, j, k, udc_cnt;
755 int ret;
756 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
757
758 i = 0;
759 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
760 i++;
761 if (i == NF_BR_NUMHOOKS) {
762 BUGPRINT("No valid hooks specified\n");
763 return -EINVAL;
764 }
765 if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) {
766 BUGPRINT("Chains don't start at beginning\n");
767 return -EINVAL;
768 }
769 /* make sure chains are ordered after each other in same order
770 as their corresponding hooks */
771 for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
772 if (!(repl->valid_hooks & (1 << j)))
773 continue;
774 if ( repl->hook_entry[j] <= repl->hook_entry[i] ) {
775 BUGPRINT("Hook order must be followed\n");
776 return -EINVAL;
777 }
778 i = j;
779 }
780
781 for (i = 0; i < NF_BR_NUMHOOKS; i++)
782 newinfo->hook_entry[i] = NULL;
783
784 newinfo->entries_size = repl->entries_size;
785 newinfo->nentries = repl->nentries;
786
787 /* do some early checkings and initialize some things */
788 i = 0; /* holds the expected nr. of entries for the chain */
789 j = 0; /* holds the up to now counted entries for the chain */
790 k = 0; /* holds the total nr. of entries, should equal
791 newinfo->nentries afterwards */
792 udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
793 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
794 ebt_check_entry_size_and_hooks, newinfo, repl->entries,
795 repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
796 &udc_cnt, repl->valid_hooks);
797
798 if (ret != 0)
799 return ret;
800
801 if (i != j) {
802 BUGPRINT("nentries does not equal the nr of entries in the "
803 "(last) chain\n");
804 return -EINVAL;
805 }
806 if (k != newinfo->nentries) {
807 BUGPRINT("Total nentries is wrong\n");
808 return -EINVAL;
809 }
810
811 /* check if all valid hooks have a chain */
812 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
813 if (newinfo->hook_entry[i] == NULL &&
814 (repl->valid_hooks & (1 << i))) {
815 BUGPRINT("Valid hook without chain\n");
816 return -EINVAL;
817 }
818 }
819
820 /* get the location of the udc, put them in an array
821 while we're at it, allocate the chainstack */
822 if (udc_cnt) {
823 /* this will get free'd in do_replace()/ebt_register_table()
824 if an error occurs */
825 newinfo->chainstack = (struct ebt_chainstack **)
826 vmalloc(num_possible_cpus() * sizeof(struct ebt_chainstack));
827 if (!newinfo->chainstack)
828 return -ENOMEM;
829 for (i = 0; i < num_possible_cpus(); i++) {
830 newinfo->chainstack[i] =
831 vmalloc(udc_cnt * sizeof(struct ebt_chainstack));
832 if (!newinfo->chainstack[i]) {
833 while (i)
834 vfree(newinfo->chainstack[--i]);
835 vfree(newinfo->chainstack);
836 newinfo->chainstack = NULL;
837 return -ENOMEM;
838 }
839 }
840
841 cl_s = (struct ebt_cl_stack *)
842 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
843 if (!cl_s)
844 return -ENOMEM;
845 i = 0; /* the i'th udc */
846 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
847 ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
848 repl->valid_hooks, cl_s);
849 /* sanity check */
850 if (i != udc_cnt) {
851 BUGPRINT("i != udc_cnt\n");
852 vfree(cl_s);
853 return -EFAULT;
854 }
855 }
856
857 /* Check for loops */
858 for (i = 0; i < NF_BR_NUMHOOKS; i++)
859 if (repl->valid_hooks & (1 << i))
860 if (check_chainloops(newinfo->hook_entry[i],
861 cl_s, udc_cnt, i, newinfo->entries)) {
862 if (cl_s)
863 vfree(cl_s);
864 return -EINVAL;
865 }
866
867 /* we now know the following (along with E=mc²):
868 - the nr of entries in each chain is right
869 - the size of the allocated space is right
870 - all valid hooks have a corresponding chain
871 - there are no loops
872 - wrong data can still be on the level of a single entry
873 - could be there are jumps to places that are not the
874 beginning of a chain. This can only occur in chains that
875 are not accessible from any base chains, so we don't care. */
876
877 /* used to know what we need to clean up if something goes wrong */
878 i = 0;
879 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
880 ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
881 cl_s, udc_cnt);
882 if (ret != 0) {
883 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
884 ebt_cleanup_entry, &i);
885 }
886 if (cl_s)
887 vfree(cl_s);
888 return ret;
889 }
890
891 /* called under write_lock */
892 static void get_counters(struct ebt_counter *oldcounters,
893 struct ebt_counter *counters, unsigned int nentries)
894 {
895 int i, cpu;
896 struct ebt_counter *counter_base;
897
898 /* counters of cpu 0 */
899 memcpy(counters, oldcounters,
900 sizeof(struct ebt_counter) * nentries);
901 /* add other counters to those of cpu 0 */
902 for (cpu = 1; cpu < num_possible_cpus(); cpu++) {
903 counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
904 for (i = 0; i < nentries; i++) {
905 counters[i].pcnt += counter_base[i].pcnt;
906 counters[i].bcnt += counter_base[i].bcnt;
907 }
908 }
909 }
910
911 /* replace the table */
912 static int do_replace(void __user *user, unsigned int len)
913 {
914 int ret, i, countersize;
915 struct ebt_table_info *newinfo;
916 struct ebt_replace tmp;
917 struct ebt_table *t;
918 struct ebt_counter *counterstmp = NULL;
919 /* used to be able to unlock earlier */
920 struct ebt_table_info *table;
921
922 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
923 return -EFAULT;
924
925 if (len != sizeof(tmp) + tmp.entries_size) {
926 BUGPRINT("Wrong len argument\n");
927 return -EINVAL;
928 }
929
930 if (tmp.entries_size == 0) {
931 BUGPRINT("Entries_size never zero\n");
932 return -EINVAL;
933 }
934 countersize = COUNTER_OFFSET(tmp.nentries) * num_possible_cpus();
935 newinfo = (struct ebt_table_info *)
936 vmalloc(sizeof(struct ebt_table_info) + countersize);
937 if (!newinfo)
938 return -ENOMEM;
939
940 if (countersize)
941 memset(newinfo->counters, 0, countersize);
942
943 newinfo->entries = (char *)vmalloc(tmp.entries_size);
944 if (!newinfo->entries) {
945 ret = -ENOMEM;
946 goto free_newinfo;
947 }
948 if (copy_from_user(
949 newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
950 BUGPRINT("Couldn't copy entries from userspace\n");
951 ret = -EFAULT;
952 goto free_entries;
953 }
954
955 /* the user wants counters back
956 the check on the size is done later, when we have the lock */
957 if (tmp.num_counters) {
958 counterstmp = (struct ebt_counter *)
959 vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
960 if (!counterstmp) {
961 ret = -ENOMEM;
962 goto free_entries;
963 }
964 }
965 else
966 counterstmp = NULL;
967
968 /* this can get initialized by translate_table() */
969 newinfo->chainstack = NULL;
970 ret = translate_table(&tmp, newinfo);
971
972 if (ret != 0)
973 goto free_counterstmp;
974
975 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
976 if (!t) {
977 ret = -ENOENT;
978 goto free_iterate;
979 }
980
981 /* the table doesn't like it */
982 if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
983 goto free_unlock;
984
985 if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
986 BUGPRINT("Wrong nr. of counters requested\n");
987 ret = -EINVAL;
988 goto free_unlock;
989 }
990
991 /* we have the mutex lock, so no danger in reading this pointer */
992 table = t->private;
993 /* make sure the table can only be rmmod'ed if it contains no rules */
994 if (!table->nentries && newinfo->nentries && !try_module_get(t->me)) {
995 ret = -ENOENT;
996 goto free_unlock;
997 } else if (table->nentries && !newinfo->nentries)
998 module_put(t->me);
999 /* we need an atomic snapshot of the counters */
1000 write_lock_bh(&t->lock);
1001 if (tmp.num_counters)
1002 get_counters(t->private->counters, counterstmp,
1003 t->private->nentries);
1004
1005 t->private = newinfo;
1006 write_unlock_bh(&t->lock);
1007 up(&ebt_mutex);
1008 /* so, a user can change the chains while having messed up her counter
1009 allocation. Only reason why this is done is because this way the lock
1010 is held only once, while this doesn't bring the kernel into a
1011 dangerous state. */
1012 if (tmp.num_counters &&
1013 copy_to_user(tmp.counters, counterstmp,
1014 tmp.num_counters * sizeof(struct ebt_counter))) {
1015 BUGPRINT("Couldn't copy counters to userspace\n");
1016 ret = -EFAULT;
1017 }
1018 else
1019 ret = 0;
1020
1021 /* decrease module count and free resources */
1022 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
1023 ebt_cleanup_entry, NULL);
1024
1025 vfree(table->entries);
1026 if (table->chainstack) {
1027 for (i = 0; i < num_possible_cpus(); i++)
1028 vfree(table->chainstack[i]);
1029 vfree(table->chainstack);
1030 }
1031 vfree(table);
1032
1033 if (counterstmp)
1034 vfree(counterstmp);
1035 return ret;
1036
1037 free_unlock:
1038 up(&ebt_mutex);
1039 free_iterate:
1040 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
1041 ebt_cleanup_entry, NULL);
1042 free_counterstmp:
1043 if (counterstmp)
1044 vfree(counterstmp);
1045 /* can be initialized in translate_table() */
1046 if (newinfo->chainstack) {
1047 for (i = 0; i < num_possible_cpus(); i++)
1048 vfree(newinfo->chainstack[i]);
1049 vfree(newinfo->chainstack);
1050 }
1051 free_entries:
1052 if (newinfo->entries)
1053 vfree(newinfo->entries);
1054 free_newinfo:
1055 if (newinfo)
1056 vfree(newinfo);
1057 return ret;
1058 }
1059
1060 int ebt_register_target(struct ebt_target *target)
1061 {
1062 int ret;
1063
1064 ret = down_interruptible(&ebt_mutex);
1065 if (ret != 0)
1066 return ret;
1067 if (!list_named_insert(&ebt_targets, target)) {
1068 up(&ebt_mutex);
1069 return -EEXIST;
1070 }
1071 up(&ebt_mutex);
1072
1073 return 0;
1074 }
1075
1076 void ebt_unregister_target(struct ebt_target *target)
1077 {
1078 down(&ebt_mutex);
1079 LIST_DELETE(&ebt_targets, target);
1080 up(&ebt_mutex);
1081 }
1082
1083 int ebt_register_match(struct ebt_match *match)
1084 {
1085 int ret;
1086
1087 ret = down_interruptible(&ebt_mutex);
1088 if (ret != 0)
1089 return ret;
1090 if (!list_named_insert(&ebt_matches, match)) {
1091 up(&ebt_mutex);
1092 return -EEXIST;
1093 }
1094 up(&ebt_mutex);
1095
1096 return 0;
1097 }
1098
1099 void ebt_unregister_match(struct ebt_match *match)
1100 {
1101 down(&ebt_mutex);
1102 LIST_DELETE(&ebt_matches, match);
1103 up(&ebt_mutex);
1104 }
1105
1106 int ebt_register_watcher(struct ebt_watcher *watcher)
1107 {
1108 int ret;
1109
1110 ret = down_interruptible(&ebt_mutex);
1111 if (ret != 0)
1112 return ret;
1113 if (!list_named_insert(&ebt_watchers, watcher)) {
1114 up(&ebt_mutex);
1115 return -EEXIST;
1116 }
1117 up(&ebt_mutex);
1118
1119 return 0;
1120 }
1121
1122 void ebt_unregister_watcher(struct ebt_watcher *watcher)
1123 {
1124 down(&ebt_mutex);
1125 LIST_DELETE(&ebt_watchers, watcher);
1126 up(&ebt_mutex);
1127 }
1128
1129 int ebt_register_table(struct ebt_table *table)
1130 {
1131 struct ebt_table_info *newinfo;
1132 int ret, i, countersize;
1133
1134 if (!table || !table->table ||!table->table->entries ||
1135 table->table->entries_size == 0 ||
1136 table->table->counters || table->private) {
1137 BUGPRINT("Bad table data for ebt_register_table!!!\n");
1138 return -EINVAL;
1139 }
1140
1141 countersize = COUNTER_OFFSET(table->table->nentries) * num_possible_cpus();
1142 newinfo = (struct ebt_table_info *)
1143 vmalloc(sizeof(struct ebt_table_info) + countersize);
1144 ret = -ENOMEM;
1145 if (!newinfo)
1146 return -ENOMEM;
1147
1148 newinfo->entries = (char *)vmalloc(table->table->entries_size);
1149 if (!(newinfo->entries))
1150 goto free_newinfo;
1151
1152 memcpy(newinfo->entries, table->table->entries,
1153 table->table->entries_size);
1154
1155 if (countersize)
1156 memset(newinfo->counters, 0, countersize);
1157
1158 /* fill in newinfo and parse the entries */
1159 newinfo->chainstack = NULL;
1160 ret = translate_table(table->table, newinfo);
1161 if (ret != 0) {
1162 BUGPRINT("Translate_table failed\n");
1163 goto free_chainstack;
1164 }
1165
1166 if (table->check && table->check(newinfo, table->valid_hooks)) {
1167 BUGPRINT("The table doesn't like its own initial data, lol\n");
1168 return -EINVAL;
1169 }
1170
1171 table->private = newinfo;
1172 rwlock_init(&table->lock);
1173 ret = down_interruptible(&ebt_mutex);
1174 if (ret != 0)
1175 goto free_chainstack;
1176
1177 if (list_named_find(&ebt_tables, table->name)) {
1178 ret = -EEXIST;
1179 BUGPRINT("Table name already exists\n");
1180 goto free_unlock;
1181 }
1182
1183 /* Hold a reference count if the chains aren't empty */
1184 if (newinfo->nentries && !try_module_get(table->me)) {
1185 ret = -ENOENT;
1186 goto free_unlock;
1187 }
1188 list_prepend(&ebt_tables, table);
1189 up(&ebt_mutex);
1190 return 0;
1191 free_unlock:
1192 up(&ebt_mutex);
1193 free_chainstack:
1194 if (newinfo->chainstack) {
1195 for (i = 0; i < num_possible_cpus(); i++)
1196 vfree(newinfo->chainstack[i]);
1197 vfree(newinfo->chainstack);
1198 }
1199 vfree(newinfo->entries);
1200 free_newinfo:
1201 vfree(newinfo);
1202 return ret;
1203 }
1204
1205 void ebt_unregister_table(struct ebt_table *table)
1206 {
1207 int i;
1208
1209 if (!table) {
1210 BUGPRINT("Request to unregister NULL table!!!\n");
1211 return;
1212 }
1213 down(&ebt_mutex);
1214 LIST_DELETE(&ebt_tables, table);
1215 up(&ebt_mutex);
1216 if (table->private->entries)
1217 vfree(table->private->entries);
1218 if (table->private->chainstack) {
1219 for (i = 0; i < num_possible_cpus(); i++)
1220 vfree(table->private->chainstack[i]);
1221 vfree(table->private->chainstack);
1222 }
1223 vfree(table->private);
1224 }
1225
1226 /* userspace just supplied us with counters */
1227 static int update_counters(void __user *user, unsigned int len)
1228 {
1229 int i, ret;
1230 struct ebt_counter *tmp;
1231 struct ebt_replace hlp;
1232 struct ebt_table *t;
1233
1234 if (copy_from_user(&hlp, user, sizeof(hlp)))
1235 return -EFAULT;
1236
1237 if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter))
1238 return -EINVAL;
1239 if (hlp.num_counters == 0)
1240 return -EINVAL;
1241
1242 if ( !(tmp = (struct ebt_counter *)
1243 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1244 MEMPRINT("Update_counters && nomemory\n");
1245 return -ENOMEM;
1246 }
1247
1248 t = find_table_lock(hlp.name, &ret, &ebt_mutex);
1249 if (!t)
1250 goto free_tmp;
1251
1252 if (hlp.num_counters != t->private->nentries) {
1253 BUGPRINT("Wrong nr of counters\n");
1254 ret = -EINVAL;
1255 goto unlock_mutex;
1256 }
1257
1258 if ( copy_from_user(tmp, hlp.counters,
1259 hlp.num_counters * sizeof(struct ebt_counter)) ) {
1260 BUGPRINT("Updata_counters && !cfu\n");
1261 ret = -EFAULT;
1262 goto unlock_mutex;
1263 }
1264
1265 /* we want an atomic add of the counters */
1266 write_lock_bh(&t->lock);
1267
1268 /* we add to the counters of the first cpu */
1269 for (i = 0; i < hlp.num_counters; i++) {
1270 t->private->counters[i].pcnt += tmp[i].pcnt;
1271 t->private->counters[i].bcnt += tmp[i].bcnt;
1272 }
1273
1274 write_unlock_bh(&t->lock);
1275 ret = 0;
1276 unlock_mutex:
1277 up(&ebt_mutex);
1278 free_tmp:
1279 vfree(tmp);
1280 return ret;
1281 }
1282
1283 static inline int ebt_make_matchname(struct ebt_entry_match *m,
1284 char *base, char *ubase)
1285 {
1286 char *hlp = ubase - base + (char *)m;
1287 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))
1288 return -EFAULT;
1289 return 0;
1290 }
1291
1292 static inline int ebt_make_watchername(struct ebt_entry_watcher *w,
1293 char *base, char *ubase)
1294 {
1295 char *hlp = ubase - base + (char *)w;
1296 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))
1297 return -EFAULT;
1298 return 0;
1299 }
1300
1301 static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
1302 {
1303 int ret;
1304 char *hlp;
1305 struct ebt_entry_target *t;
1306
1307 if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
1308 return 0;
1309
1310 hlp = ubase - base + (char *)e + e->target_offset;
1311 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
1312
1313 ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
1314 if (ret != 0)
1315 return ret;
1316 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1317 if (ret != 0)
1318 return ret;
1319 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
1320 return -EFAULT;
1321 return 0;
1322 }
1323
1324 /* called with ebt_mutex down */
1325 static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1326 int *len, int cmd)
1327 {
1328 struct ebt_replace tmp;
1329 struct ebt_counter *counterstmp, *oldcounters;
1330 unsigned int entries_size, nentries;
1331 char *entries;
1332
1333 if (cmd == EBT_SO_GET_ENTRIES) {
1334 entries_size = t->private->entries_size;
1335 nentries = t->private->nentries;
1336 entries = t->private->entries;
1337 oldcounters = t->private->counters;
1338 } else {
1339 entries_size = t->table->entries_size;
1340 nentries = t->table->nentries;
1341 entries = t->table->entries;
1342 oldcounters = t->table->counters;
1343 }
1344
1345 if (copy_from_user(&tmp, user, sizeof(tmp))) {
1346 BUGPRINT("Cfu didn't work\n");
1347 return -EFAULT;
1348 }
1349
1350 if (*len != sizeof(struct ebt_replace) + entries_size +
1351 (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) {
1352 BUGPRINT("Wrong size\n");
1353 return -EINVAL;
1354 }
1355
1356 if (tmp.nentries != nentries) {
1357 BUGPRINT("Nentries wrong\n");
1358 return -EINVAL;
1359 }
1360
1361 if (tmp.entries_size != entries_size) {
1362 BUGPRINT("Wrong size\n");
1363 return -EINVAL;
1364 }
1365
1366 /* userspace might not need the counters */
1367 if (tmp.num_counters) {
1368 if (tmp.num_counters != nentries) {
1369 BUGPRINT("Num_counters wrong\n");
1370 return -EINVAL;
1371 }
1372 counterstmp = (struct ebt_counter *)
1373 vmalloc(nentries * sizeof(struct ebt_counter));
1374 if (!counterstmp) {
1375 MEMPRINT("Couldn't copy counters, out of memory\n");
1376 return -ENOMEM;
1377 }
1378 write_lock_bh(&t->lock);
1379 get_counters(oldcounters, counterstmp, nentries);
1380 write_unlock_bh(&t->lock);
1381
1382 if (copy_to_user(tmp.counters, counterstmp,
1383 nentries * sizeof(struct ebt_counter))) {
1384 BUGPRINT("Couldn't copy counters to userspace\n");
1385 vfree(counterstmp);
1386 return -EFAULT;
1387 }
1388 vfree(counterstmp);
1389 }
1390
1391 if (copy_to_user(tmp.entries, entries, entries_size)) {
1392 BUGPRINT("Couldn't copy entries to userspace\n");
1393 return -EFAULT;
1394 }
1395 /* set the match/watcher/target names right */
1396 return EBT_ENTRY_ITERATE(entries, entries_size,
1397 ebt_make_names, entries, tmp.entries);
1398 }
1399
1400 static int do_ebt_set_ctl(struct sock *sk,
1401 int cmd, void __user *user, unsigned int len)
1402 {
1403 int ret;
1404
1405 switch(cmd) {
1406 case EBT_SO_SET_ENTRIES:
1407 ret = do_replace(user, len);
1408 break;
1409 case EBT_SO_SET_COUNTERS:
1410 ret = update_counters(user, len);
1411 break;
1412 default:
1413 ret = -EINVAL;
1414 }
1415 return ret;
1416 }
1417
1418 static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1419 {
1420 int ret;
1421 struct ebt_replace tmp;
1422 struct ebt_table *t;
1423
1424 if (copy_from_user(&tmp, user, sizeof(tmp)))
1425 return -EFAULT;
1426
1427 t = find_table_lock(tmp.name, &ret, &ebt_mutex);
1428 if (!t)
1429 return ret;
1430
1431 switch(cmd) {
1432 case EBT_SO_GET_INFO:
1433 case EBT_SO_GET_INIT_INFO:
1434 if (*len != sizeof(struct ebt_replace)){
1435 ret = -EINVAL;
1436 up(&ebt_mutex);
1437 break;
1438 }
1439 if (cmd == EBT_SO_GET_INFO) {
1440 tmp.nentries = t->private->nentries;
1441 tmp.entries_size = t->private->entries_size;
1442 tmp.valid_hooks = t->valid_hooks;
1443 } else {
1444 tmp.nentries = t->table->nentries;
1445 tmp.entries_size = t->table->entries_size;
1446 tmp.valid_hooks = t->table->valid_hooks;
1447 }
1448 up(&ebt_mutex);
1449 if (copy_to_user(user, &tmp, *len) != 0){
1450 BUGPRINT("c2u Didn't work\n");
1451 ret = -EFAULT;
1452 break;
1453 }
1454 ret = 0;
1455 break;
1456
1457 case EBT_SO_GET_ENTRIES:
1458 case EBT_SO_GET_INIT_ENTRIES:
1459 ret = copy_everything_to_user(t, user, len, cmd);
1460 up(&ebt_mutex);
1461 break;
1462
1463 default:
1464 up(&ebt_mutex);
1465 ret = -EINVAL;
1466 }
1467
1468 return ret;
1469 }
1470
1471 static struct nf_sockopt_ops ebt_sockopts =
1472 { { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl,
1473 EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
1474 };
1475
1476 static int __init init(void)
1477 {
1478 int ret;
1479
1480 down(&ebt_mutex);
1481 list_named_insert(&ebt_targets, &ebt_standard_target);
1482 up(&ebt_mutex);
1483 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1484 return ret;
1485
1486 printk(KERN_NOTICE "Ebtables v2.0 registered\n");
1487 return 0;
1488 }
1489
1490 static void __exit fini(void)
1491 {
1492 nf_unregister_sockopt(&ebt_sockopts);
1493 printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
1494 }
1495
1496 EXPORT_SYMBOL(ebt_register_table);
1497 EXPORT_SYMBOL(ebt_unregister_table);
1498 EXPORT_SYMBOL(ebt_register_match);
1499 EXPORT_SYMBOL(ebt_unregister_match);
1500 EXPORT_SYMBOL(ebt_register_watcher);
1501 EXPORT_SYMBOL(ebt_unregister_watcher);
1502 EXPORT_SYMBOL(ebt_register_target);
1503 EXPORT_SYMBOL(ebt_unregister_target);
1504 EXPORT_SYMBOL(ebt_do_table);
1505 module_init(init);
1506 module_exit(fini);
1507 MODULE_LICENSE("GPL");
Verdex Pro support